iptables

Hello everyone, I'm trying to make my own router/firewall with OPNsense as a VM in Proxmox. What's not clear to me is if I can let OPNsense connect to the internet directly, or if that put Proxmox at risk and thus I should add the Proxmox Firewall to be safe? In both cases Proxmox will be...

Hi, I'm trying to learn a bit more in-depth about networking in Proxmox in order to diagnose some connection issues I'm having. I thought maybe to just get confirmed how I believe packets are processed when sent to a container or VM. Say I have a host with a single public IP and some guests. I...

Hello guys, as I'm having a pretty tough time to get one of the services (BigBlueButton) to work I would like to try the deployment with a 1:1 NAT in iptables. Long story short, I have a virtualised opnesense/pfsene, tried really everything in there (1:1Nat), port forwardings, different reverse...

This is 4th try after getting no responses from Stack Exchange sites [1, 2, 3] and I've been fighting with this issue for ~2 weeks. I really hope someone can help me with this issue. --- I have a setup like this (this diagram is also available here): I'm running a single PVE host in my...

Hello. I have a NAS directly connected to my Proxmox machine, which forwards all NFS traffic via iptables to the NAS (I can't directly connect the NAS per our system policy). I can connect to the NFS share from every other machine on our network but not from ProxMox or the VMs running on it...

Hi, I'm not sure if I asked the question already, checked but cannot find in my posts. Basically I have some custom iptables rules per VM/adapter and I do logging. These logs go into the main node logs instead of the VM Firewall logs. /sbin/iptables -N ... /sbin/iptables -A ... -m limit...

Preface Hi together, this thread is highly connected to the issue I explained here: Connected issue I think it has the same root cause but since I got no answer there I tried to narrow down the problem, reframe it. So now I have a different symptom that is based on a more "common" scenario, that...

Hi everybody, I am struggeling with a problem where I did not figure out yet if it is a "basic" networking problem or something that has to do with my SDN configuration. The setup is the following: I have two VEs (192.168.2.10 and .11) coupled as a cluster. Within this cluster there is an...

I am trying to port foward HTTP:80 to IP: 24.12.3.250 I can access my website from 24.12.4.250 since it on the internal network shown below, but when its time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...

Hello, I'm experiencing a pretty strange connection issue when connected to the second vpn VM (wireguard). I got two proxmox nodes, each do have a VM with wireguard, a VM with a dns server, a VM with traefik proxy, both nodes have the same etc/network/interfaces files. Both wireguard VMs are...

This is my current network setup on host one (vm01). I have a public network available over vmbr0 and a private network connected to a nic over vmbr1 (used for cluster traffic and VM private network via a vlan). Now I want to NAT the vlan onto vmbr0 so that the vms can have limited internet...

I have the current setup, which after two days of trying should be correct. I can't get the iptables nat config to redirect traffic from either my vlan or the interface vmbr1 at all. At this point I can't see any other option... auto lo iface lo inet loopback iface enp2s0f0 inet manual iface...

I don't know when this issue started, but I have IPv6 disabled via grub by using "ipv6.disable=1" on GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. My syslog is being flooded with the following messages: Nov 19 10:53:24 pve pve-firewall[1053]: status update error: iptables_restore_cmdlist...

Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how can I log in separate log file like PVEFW does per guest? Currently all logs go into the Node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...

I`m trying to add some custom iptables rules (like connlimit) for guest machines. Example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen tap101i0 is the vm 101 adapter. The rule has no effect, I...

I'm having a really hard time trying to add and keep some custom iptables rules. Reading across several threads, iptables-persistent came to light. With that being said I have installed it with apt-get install -y iptables-persistent and all the rules got saved into the corresponding files...

Hi, After checking quite a few articles found here and on some other websites, it's still not clear for me how one can add custom IPTables rules for each VM. Checking the current host with just one VM at the moment I can see: -A tap100i0-IN -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A...

UBUNTU-VM acts as a router to route traffic over wireguard (UBUNTU-VM is within a proxmox VE). NAS is an old WD EX2, which is not on wireguard, traffic from it passes through the proxmox UBUNTU-VM. The problem is that bandwidth from NAS going outside to VPS is very slow, only 300KB/s (transfer...

I'm trying to set up Proxmox VE firewall rules; except those rules don't seem to do anything on CT level. I had enabled firewalling at: Datacenter level PVE level CT's vNIC (net0) level CT level ^ The minute I enable firewalling completely, I can see that all the incoming connections are...

Hello! I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies. I managed to block through Suricata the situation in which a client scans a certain IP...